Judge Gutierrez of the US District Court for the Central District of California gave his final approval in a class action settlement against Bosley Inc. (“Bosley”), a hair-restoration clinic. The hair clinic must pay $500,000 to settle a class action lawsuit against them stemming from an August 2020 ransomware attack. Cybercriminals were able to steal Personally Identifiable Information (“PII”) of more than 100,000 people and hold it for ransom. Cybercriminals could easily gain access to Bosley’s computer systems due to the lack of adequate data security the hair clinic had. Some of the PII exfiltrated out of Bosley’s systems were Social Security numbers, financial account and payment-card numbers, and driver’s license numbers of Plaintiffs and class members.

Plaintiffs will each receive a service award of $1,250. Class members will receive reimbursement for up to $5000 for any extraordinary expenses accrued from the data breach. Additionally, Class members will be reimbursed for up to $300 per member for ordinary expenses and lost time spent mitigating risks of fraud and identity theft. California sub-class members will be eligible for an additional $50 due to a California statutory claim made by the sub-class against Bosley. Lastly, Bosley will be required to offer two years of fraud-monitoring services for those that wish to opt-in.